kubernetes集群部署DashBoard
搭建K8s DashBoard集群结构:
类型
主机名
ip
Master
k8s_master
192.168.3.216
Node
k8s_client1
192.168.3.217
Node
k8s_client2
192.168.3.219 以下操作都在k8s_master上执行:
一、镜像下载
# docker pull docker.io/siriuszg/kubernetes-dashboard-amd64:v1.5.1
Trying to pull repository docker.io/siriuszg/kubernetes-dashboard-amd64 ...
sha256:d0aebe2567a6b11d090403746f63df9dccd32aec9192decfd3794b0cce528930: Pulling from docker.io/siriuszg/kubernetes-dashboard-amd64
9d25d3817204: Pull complete
Digest: sha256:d0aebe2567a6b11d090403746f63df9dccd32aec9192decfd3794b0cce528930
Status: Downloaded newer image for docker.io/siriuszg/kubernetes-dashboard-amd64:v1.5.1
# docker pull registry.access.redhat.com/rhel7/pod-infrastructure
Using default tag: latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ...
Pulling repository registry.access.redhat.com/rhel7/pod-infrastructure
c99574180d51: Pull complete
1ada7c88ed3d: Pull complete
bcb4a96d0b39: Pull complete
Status: Downloaded newer image for registry.access.redhat.com/rhel7/pod-infrastructure:latest
二、配置kubernetes的dashboard
1、需要以下两个kubernetes-dashboard和dashboard-service配置文件。
kubernetes-dashboard.yaml
#需修改images和增加- --apiserver-host=http://192.168.3.216:8080
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
labels:
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: kubernetes-dashboard
template:
metadata:
labels:
app: kubernetes-dashboard
# Comment the following annotation if Dashboard must not be deployed on master
annotations:
scheduler.alpha.kubernetes.io/tolerations: |
[
{
"key": "dedicated",
"operator": "Equal",
"value": "master",
"effect": "NoSchedule"
}
]
spec:
containers:
- name: kubernetes-dashboard
image: docker.io/siriuszg/kubernetes-dashboard-amd64:v1.5.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9090
protocol: TCP
args:
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
- --apiserver-host=http://192.168.3.216:8080
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
dashboard-service.yaml
#不需要做修改
kind: Service
apiVersion: v1
metadata:
labels:
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 80
targetPort: 9090
selector:
app: kubernetes-dashboard
2、执行启动,dashboard搭建完成。
# kubectl create -f kubernetes-dashboard.yaml
deployment "kubernetes-dashboard" created
# kubectl create -f dashboard-service.yaml
service "kubernetes-dashboard" created
3、验证:
执行以下命令
# kubectl get deployment --all-namespaces
NAMESPACE NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-system kubernetes-dashboard 1 1 1 1 1m
# kubectl get svc--all-namespaces
NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes 10.254.0.1 443/TCP 5d
kube-system kubernetes-dashboard 10.254.141.158 80:31633/TCP 1m
# kubectl get pod-o wide--all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE
kube-system kubernetes-dashboard-1270457039-t1z15 1/1 Running 0 2m 10.8.43.2 192.168.3.219
4、界面查看,浏览器输入:http://192.168.3.216:8080/ui
5、删除应用
# kubectl delete deployment kubernetes-dashboard --namespace=kube-system
deployment "kubernetes-dashboard" deleted
# kubectl delete svckubernetes-dashboard --namespace=kube-system
service "kubernetes-dashboard" deleted
报错解决:
1、无法拉取镜像registry.access.redhat.com/rhel7/pod-infrastructure:latest
# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ...
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
解决方法:
# yum install *rhsm* -y
2、浏览器打开ui界面报错
{ "kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "no endpoints available for service \"kubernetes-dashboard\"",
"reason": "ServiceUnavailable",
"code": 503
}
解决方法:
KUBE_ADMISSION_CONTROL配置中默认需要认证,编辑配置文件,在KUBE_ADMISSION_CONTROL中,去除SecurityContextDeny,ServiceAccount
# vim /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
重启服务,正常打开
页:
[1]